At yesterday’s Senate Banking Committee hearing on Libra, the digital currency project led by Facebook with 27 other partners, concerns about its potential to undermine U.S. national security featured prominently. Senators from across the political spectrum, including Arkansas’ Tom Cotton and New Jersey’s Bob Menendez, suggested that Libra might lend itself to the scheming of malicious actors and U.S. strategic foes, a worry expressed the day before by Treasury Secretary Mnuchin.
How vulnerable will Libra be to criminal uses? A careful examination of the digital currency’s mechanics and its likely employment by financial services providers, suggests that policymakers have reacted prematurely. In fact, cryptocurrencies are significantly less useful to criminals than cash, because they leave a public record of transactions. Furthermore, Libra is even less useful than other cryptocurrencies because its management by gatekeepers means that users will not be able to conceal their identity in the limited ways available to users of open‐access cryptocurrencies such as Bitcoin.
As with their warnings about systemic risk and monopoly, policymakers’ concerns about the national security risks of Libra lack a firm foundation. This post, the third in a series on Libra, discusses why.
National security risk
Even those who welcome the potential transaction‐cost reductions and increased opportunities for peer‐to‐peer exchange that cryptocurrencies promise have expressed concerns about their use for criminal purposes. Such worries are understandable: Between 2011 and 2013, Bitcoin was the preferred medium of exchange on Silk Road, the online marketplace notorious for facilitating illicit drug purchases. And just this weekend the New York Times reported that Russian operatives working to undermine the 2016 Democratic presidential campaign used bitcoin to pay for some of their purchases.[1]
Criminals can attempt to use cryptocurrency, just as they can attempt to do so for their malicious activities.
But the anecdotal evidence overstates the degree to which cryptocurrencies facilitate crime. While the pseudonymous nature of cryptocurrency transactions disguises the identity of the people involved, most cryptocurrencies are a poor instrument for nefarious activities. This is because the transaction ledger, the blockchain, is publicly accessible and includes information about the origin and destination of cryptocurrency payments. Firms like Chainalysis (whose co‐founder the Times article cited) and Elliptic have in fact made it their business to pore through blockchains on behalf of clients, including the U.S. government, to combat fraud and aid the pursuit of crime.
Libra seems even less likely to appeal to crooks. Unlike Bitcoin and Ethereum, the largest cryptocurrencies in circulation, Libra will not be an open‐access network where anyone can purchase units of Libra, and generate new units, without going through an intermediary. Rather, the Libra Association expects the 100 members it hopes to have by 2020 to process Libra transactions through their own “validator nodes.” Sales of Libra to the public will take place through “authorized resellers,” which David Marcus, in his testimony Tuesday to the Senate Banking Committee, described as “a geographically distributed network of regulated custodians with investment‐grade credit ratings.”
Both resellers and validators will act as intermediaries and be subject to prudential and consumer protection rules. Furthermore, digital wallet providers – who will support the applications people use to make and receive Libra payments – will collect personal information from Libra users to comply with regulations against money‐laundering and financial crime in the jurisdictions where the user lives. For example, Calibra, Facebook’s own digital wallet subsidiary, has registered as a money services business with the Financial Crimes Enforcement Network (FinCEN) at the U.S. Treasury. Calibra also holds eight state money transmitter licenses as of July 16. From Marcus’ testimony, it seems Calibra would like to have licenses in all U.S. jurisdictions – states and territories – before Libra launches in 2020. Marcus also stated the Libra Association will register with FinCEN, despite being a Swiss‐based foundation.
There are many problems with America’s anti‐money laundering/know‐your‐customer (AML/ KYC) regulations. They are the most expensive single compliance cost for banks, but their actual contribution to the fight against crime is unclear. Recent studies have pointed out that prosecutions and convictions have not increased as the number of AML/ KYC filings grew. I have previously shown that more than a third of suspicious activity reports (SARs) filed by financial institutions have no tag, suggesting that the motivation for filing them was defensive (“better safe than sorry”). Moreover, AML/ KYC regulations are sometimes the reason banks and other entities refuse to do business with certain individuals, undermining financial inclusion.
Whatever their effectiveness, AML/ KYC regulations apply to most financial intermediaries, including the firms offering payments services using Libra. Those who worry that Libra will be a gateway into the financial system for malicious actors seem unaware that members of the Libra Association will be under the obligation to comply with AML/ KYC rules. For example, Calibra, as a money services business, will collect customer information and report evidence of suspicious transactions to FinCEN. Other digital wallet providers who take custody of customer funds will fall under the same regulations. Because it is not possible to get hold of Libra units but by going through a licensed intermediary, even the limited means by which users of other cryptocurrencies currently can conceal their identity will be unavailable to Libra users.
A separate security concern regarding Libra involves the Association’s decision to locate its headquarters in Geneva, Switzerland. Sen. Sherrod Brown, Ranking Member of the Senate Banking Committee, has repeatedly warned against allowing “Facebook to run a risky new cryptocurrency out of a Swiss bank account.” Rep. Patrick McHenry, his counterpart on the House Financial Services Committee, has also questioned the Libra Association’s foreign base, even while describing digital currencies as “an enormous opportunity … to reduce the cost of transactions.”
Although Facebook and its partners have not themselves explained why they chose Switzerland as Libra’s headquarters, there are good and legitimate reasons for that decision. First, Switzerland has become a cryptocurrency hub, thanks to its financial regulator’s comparably welcoming approach to blockchain technology and cryptocurrency offerings. Contrast that with America’s regulatory fragmentation, political suspicion of cryptocurrencies, and the worrying trend of regulation by enforcement, as exemplified by the SEC’s recent lawsuit against Kik, Inc. In early 2018, Switzerland outlined a clear approach to the regulation of different types of cryptocurrencies. This approach has attracted many of the non‐profit entities that often govern cryptocurrencies, such as the Ethereum Foundation.
Switzerland also has a long history as a politically stable and legally transparent jurisdiction for the establishment of foundations. While its longstanding protection of bank secrecy was controversial with other governments, the days of secret Swiss bank accounts are long over. Secrecy does not seem to be the goal of the Libra Association anyway. But regulatory certainty and political stability are necessary if Libra is to succeed.
So is the choice of a neutral jurisdiction for what hopes to become a loose multi‐member association of financial services providers. When I first heard about Libra’s Swiss headquarters, I thought the move wise if the Libra Association wishes to attract members from countries who sometimes look warily at the U.S. government’s use of financial regulation in the pursuit of foreign policy. These countries are not mainly repressive regimes, such as Iran and Venezuela, whose financial systems are so insular and controlled that it would be difficult to bring them into the Libra network. Rather, they are mostly large jurisdictions such as India, China, and the EU, with which the U.S. has close commercial and financial ties, but whose governments do not necessarily wish for America to have control over the global financial infrastructure. Last year’s tug‐of‐war over the enforcement of U.S. sanctions against Iran by EU‐based SWIFT, which ended with SWIFT’s reluctant agreement to cut ties with Iranian banks, illustrated the long reach of U.S. sanctions policy, even when pursued unilaterally.
Whether the Libra Association’s foreign location could undermine U.S. policy, regardless of its merits, is unclear. I think it unlikely, given what we know about Libra so far. We now know that the Libra Association itself will register with FinCEN. Furthermore, the Libra Reserve that will back each unit of Libra currency will almost certainly include U.S. dollars and U.S. government securities. U.S. entities will also feature among Libra’s transaction validators and authorized resellers. For all of these reasons, it will be difficult for the Libra Association to resist enforcing the policy of the U.S. government. In sum, the choice of Geneva as Libra’s headquarters seems to owe more to legal and regulatory expediency than to an attempt to place the new digital currency outside the reach of American financial regulation.
Despite sensational news stories, the national security risks of cryptocurrency are exaggerated. As a permissioned network with licensed financial intermediaries acting as gatekeepers, Libra will prove even less accessible to those seeking to conceal their identity and motives, including criminals. Policymakers who understand the promise of a more competitive payments system would do well to approach allegations of Libra’s vulnerability to criminal abuse with a grain of salt.
[1] As has become the convention, I capitalize Bitcoin when referring to the cryptocurrency network and use lower‐case when referring to units of the cryptocurrency.
